9.2.3rc2 NS lookups failing

This is a discussion on 9.2.3rc2 NS lookups failing within the Bind Users forums, part of the DNS and Related Forums category.


Posted by Dave Lugo on 09-18-2003

(reposting into a new thread)

I've built and installed 9.2.3rc2 to work around the VeriSign issue.

Wildcards in the root are no longer a problem, however, I'm seeing what
seems (IMVHO) to be incorrect behaviour.

The announcement of the new release states:

"...Briefly, a zone which has been declared "delegation-only" will be
effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset)..."

By my reading of the above, I _should_ be able to do something like:

dig ns $domain_that_exists.[com|net]

...and get an answer. What I am instead seeing is:


root@severe# dig ns grape.com

; <<>> DiG 9.2.2rc1 <<>> ns grape.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44941
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;grape.com. IN NS

;; Query time: 252 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 17 20:48:12 2003
;; MSG SIZE rcvd: 27


...and I see a corresponding "no!" in the logs:

Sep 17 20:48:12 severe named[5167]: enforced delegation-only for 'com'
(grape.com


It seems that the only way to get around this new issue, and get the
entire NS set for a domain from the root, is to do a `dig any $domain`
instead:

root@severe# dig any grape.com

; <<>> DiG 9.2.2rc1 <<>> any grape.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13192
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;grape.com. IN ANY

;; ANSWER SECTION:
grape.com. 172800 IN NS gold.sbcidc.com.
grape.com. 172800 IN NS ns.savaii.com.

;; AUTHORITY SECTION:
grape.com. 172800 IN NS gold.sbcidc.com.
grape.com. 172800 IN NS ns.savaii.com.

;; ADDITIONAL SECTION:
ns.savaii.com. 172800 IN A 216.154.253.185
gold.sbcidc.com. 172800 IN A 216.65.209.34

;; Query time: 1270 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 17 20:49:32 2003
;; MSG SIZE rcvd: 137



Is this the desired behaviour of `delegation-only`? I'm very pleased
that the new zonetype stops wildcards, but I'm somewhat concerned that
something else may have been broken.

Thanks,

Dave

--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
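
An added example, not part of the original post: a Python helper that automates the comparison described above, flagging a name whose NS query comes back NXDOMAIN while an ANY query for the same name returns NS records, and tying it to the "enforced delegation-only" log line. The function names are hypothetical; the sample input is trimmed from the output quoted in the post, with the log line left truncated as it appears there.

```python
import re

# Sample input trimmed from the dig output and named log line quoted in the post.
DIG_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44941
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;grape.com. IN NS
"""
DIG_ANY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13192
;; QUESTION SECTION:
;grape.com. IN ANY
;; ANSWER SECTION:
grape.com. 172800 IN NS gold.sbcidc.com.
grape.com. 172800 IN NS ns.savaii.com.
"""
NAMED_LOG = "Sep 17 20:48:12 severe named[5167]: enforced delegation-only for 'com' (grape.com"

def parse_dig(text):
    """Return status, question name/type and the NS targets in the answer section."""
    status = re.search(r"status: (\w+)", text).group(1)
    qname, qtype = re.search(r"^;(\S+)[ \t]+IN[ \t]+(\S+)", text, re.M).groups()
    section, ns = None, []
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "ANSWER" and (rr := re.match(r"(\S+)\s+\d+\s+IN\s+NS\s+(\S+)", line)):
            ns.append(rr.group(2))
    return {"status": status, "qname": qname.rstrip(".").lower(), "qtype": qtype, "ns": sorted(ns)}

def enforced_names(log_lines):
    """Map each query name that named logged as enforced to its delegation-only zone."""
    pat = re.compile(r"enforced delegation-only for '([^']+)' \(([^\s/)]+)")
    return {m.group(2).rstrip(".").lower(): m.group(1) for l in log_lines if (m := pat.search(l))}

def diagnose(ns_out, any_out, log_lines):
    """Flag a name whose NS query is NXDOMAIN while ANY returns NS records."""
    ns_q, any_q = parse_dig(ns_out), parse_dig(any_out)
    zone = enforced_names(log_lines).get(ns_q["qname"])
    mismatch = (ns_q["qname"] == any_q["qname"] and ns_q["status"] == "NXDOMAIN"
                and any_q["status"] == "NOERROR" and bool(any_q["ns"]))
    return {"name": ns_q["qname"], "mismatch": mismatch, "enforced_zone": zone, "ns": any_q["ns"]}

if __name__ == "__main__":
    print(diagnose(DIG_NS, DIG_ANY, [NAMED_LOG]))
```
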

